Facing the identity crisis of machines

I have worked in crypto all my career but landed in cybersecurity by accident. During my first job out of college, we had trouble getting an Oracle database to talk to another one on the other side of town. I managed to figure out that the cause was that one Oracle node was not using a valid digital certificate to talk to the other; I have been working with certificates ever since. This led to various startup roles in Germany, then the UK, before landing at Venafi in 2012.

What are machine identities and what are they used for?

Machine identities govern the confidentiality, authentication, and integrity of communications between machines. To ensure their unique identity, machines—that is, every app, website, device, cloud instance, microservice, and even algorithm—use keys and certificates, just like people use usernames and passwords to authenticate online. Common machine identities include TLS, SSH, and code signing certificates and keys.

Compromised machine identities can have a significant impact on the security of organizations. Attackers can abuse machine identities to establish hidden or covert encrypted communication tunnels on corporate networks and gain privileged access to data and resources. Forged or stolen machine identities can also allow an attacker's machine to impersonate a legitimate machine and be entrusted with sensitive data.

We've probably all experienced machine identity failures at one point or another. Have you ever come across a website marked with an "untrustworthy" warning? Or have you found that you just can't log into a website? A machine's identity has likely expired and essentially been banned from the internet because it's not trusted. When machines can't be trusted by other machines, the services they provide simply stop working, and we've seen plenty of examples of machine identity expiration causing costly outages, from O2 to Spotify. Given that there are thousands, if not millions, of machine identities in use by a single organization, it's no wonder these failures, let alone attacks, happen so frequently.

Now consider the extent to which machines drive our world. From cloud services, microservices, virtualized applications, and edge computing to IoT, digital transformation is accelerating. Machine-to-machine connections are growing rapidly and are expected to reach 14.6 billion by 2022, all backed by machine identities that validate communication as trusted and secure. In other words, machine identities are the foundation of trust for our entire digital world.

What impact, if any, has the COVID-19 crisis had on the use of machine identities?

COVID-19 has led many organizations to accelerate their digital initiatives, resulting in the use of more and more machine identities. There is more use of the cloud, more Kubernetes, more APIs, more web services; all of that means more machine identities. Organizations know they need to innovate quickly, leveraging digital tools to weather the current storm and outperform their competitors. As a result, many have turned to DevOps to help them achieve their digital goals faster. However, this presents new security risks. In many cases, as the speed of development has increased, DevOps teams create more new machine identities than IT security teams can adequately manage, increasing the risk of identity theft and exploitation by cybercriminals. For many organizations, this is the root cause of what is known as the "machine identity crisis."

Can you explain why machine identities are valuable to cybercriminals?

Armed with machine identities, cybercriminals can bypass an organization's security defenses undetected by creating hidden encrypted TLS tunnels within the organization's network. They can then gain privileged SSH access to systems and exfiltrate data. Stolen code signing certificates can also allow hackers to attack their targets with malware that evades next-generation antivirus. Ultimately, stolen or forged machine identities allow cybercriminals to move undetected, as these identities give them legitimacy and trust. Beyond that, machine identities can also be used to impersonate or spoof websites, making them appear genuine and safe to fool unwitting victims; the padlock in the browser's URL bar does not necessarily mean that the website is secure. It's important to note that machine identities can also be used to sign malware, making it appear as if it came from legitimate sources like Apple or Microsoft. Using machine identities in this way can dramatically speed up malware distribution, because if it's signed with an identity from a trusted source, it's much more likely to be accepted by machines around the world. And as we use containers for cloud-based microservices, the opportunity to run untrusted software is accelerating.

You mentioned the risk of a "machine identity crisis". What does that mean?

The machine identity crisis is the situation in which organizations find themselves with more machine identities than they can protect, increasing the risk of being exploited by cybercriminals. Our increasing reliance on machines has caused the number of machine identities organizations must manage to skyrocket. Organizations that once had thousands to protect now find themselves with hundreds of thousands, if not millions, and the number continues to grow as digital transformation accelerates. Each of these unsecured machine identities represents a new cybersecurity threat. To further complicate matters, machine identities expire after a certain period of time to reduce the window in which cybercriminals can take advantage of fake or compromised certificates. As soon as a certificate expires, the digital processes it supports stop working because they cannot be validated by other machines. As such, good machine identity management goes beyond looking for signs of misuse by cybercriminals; it extends to replacing certificates before they expire and cause failures. All it takes is for a certificate to expire or for a certificate to fall into the wrong hands, and organizations can find themselves in trouble. Given the exponential growth of machines and their transient nature, managing machine identities is already overwhelming IT and security teams.

Why do organizations risk neglecting the importance of protecting the identities of their machines?

Organizations often prioritize protecting human identities (usernames and passwords) over protecting machine identities. Organizations spend billions on securing the former, but only a fraction of that amount on the latter. This can be partly explained by the fact that machine identities are a relatively new point of attack and are considered a less tangible risk than human identities. However, while the number of human users on a network remains relatively stable, the number of machines used has skyrocketed. Despite this, many companies still rely on manual methods such as spreadsheets to manage machine identities. This approach leaves managers struggling to keep up with the sheer volume of new machine identities created, increasing the risk of machine identities being lost to cybercriminals or expiring and causing an outage. This risk comes at a high financial cost: according to a report by AIR Worldwide and Venafi, mismanagement of machine identities resulted in losses between €51 billion and €72 billion to the global economy. Intelligent automation is the only way that companies can solve these problems. Organizations need to have complete visibility into every machine identity that touches their business, from data centers to every cloud, be able to monitor those identities in real time for abuse or upcoming expirations, and be able to automatically remediate any discovered vulnerabilities at speed and machine scale.
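Two of the answers above turn on the same mechanism: a certificate carries a fixed expiry, every peer that validates it checks that expiry, and once it passes, validation fails and the service behind it stops, which is why the monitoring described in the last answer has to flag "upcoming expirations" rather than only expired ones. The Go program below is an added illustration of both points; it is not code from the interviewee or from Venafi. It constructs a throwaway internal CA and a 90-day server certificate in memory with Go's standard library (the names "Example Internal CA" and "api.internal.example", the 90-day lifetime and the 30-day renewal window are all assumptions), runs the inventory check a renewal monitor would run at three points in time, and at each point performs the same chain validation a TLS client performs, so the moment at which the machine identity stops being trusted is visible without waiting for a real clock.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Status is the bucket an inventory report puts each certificate into.
type Status string

const (
	StatusOK       Status = "ok"
	StatusExpiring Status = "expiring" // inside the renewal warning window: rotate now
	StatusExpired  Status = "expired"  // peers reject it; whatever it backs is already down
)

var serial int64 // counter so each constructed certificate gets a distinct serial number

// issueCert builds a constructed certificate: a self-signed CA when parent is nil, else a leaf signed by parent.
func issueCert(cn string, notBefore, notAfter time.Time, isCA bool,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn} // the SAN is what a TLS client actually matches
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// classify is the inventory check: days remaining at time now, and whether the certificate
// is inside the warning window or already past NotAfter.
func classify(cert *x509.Certificate, now time.Time, warn time.Duration) (Status, int) {
	remaining := cert.NotAfter.Sub(now)
	days := int(remaining.Hours() / 24)
	switch {
	case remaining <= 0:
		return StatusExpired, days
	case remaining <= warn:
		return StatusExpiring, days
	}
	return StatusOK, days
}

// verifyAt runs the chain validation a TLS client performs, evaluated at time now instead of the wall clock.
func verifyAt(leaf, ca *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: leaf.DNSNames[0], CurrentTime: now})
	return err
}

// isExpiredErr reports whether a verification failure was specifically due to expiry.
func isExpiredErr(err error) bool {
	var inv x509.CertificateInvalidError
	return errors.As(err, &inv) && inv.Reason == x509.Expired
}

func main() {
	now := time.Now().UTC().Truncate(time.Second) // X.509 validity fields have second precision
	ca, caKey, err := issueCert("Example Internal CA", now.Add(-time.Hour), now.AddDate(10, 0, 0), true, nil, nil)
	leaf, _, err2 := issueCert("api.internal.example", now.Add(-time.Hour), now.AddDate(0, 0, 90), false, ca, caKey)
	if err != nil || err2 != nil {
		panic("constructing the sample certificates failed")
	}
	warn := 30 * 24 * time.Hour // assumed renewal policy: rotate with 30 days left
	for _, t := range []time.Time{now, now.AddDate(0, 0, 75), now.AddDate(0, 0, 91)} {
		st, days := classify(leaf, t, warn)
		verr := verifyAt(leaf, ca, t)
		fmt.Printf("%s status=%-8s days_left=%3d chain_valid=%v expired=%v\n", t.Format("2006-01-02"), st, days, verr == nil, isExpiredErr(verr))
	}
}
```

Run with `go run`: the first line reports a healthy identity, the second one that has crossed into the warning window while still validating, and the third one past NotAfter, for which chain validation now fails with an expiry error. A real inventory parses certificates pulled from listeners, key stores and container images with `x509.ParseCertificate` rather than constructing them, but the classification and the validation steps are the same, and the gap between the second and third lines is the window in which the renewal has to happen.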